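"""Flask webhook receiver that forwards Superna Eyeglass Zero Trust events to syslog.

POST /webhook accepts a JSON object, flattens it into a comma-separated
UEF-style message and ships it to SYSLOG_SERVER as an RFC 5424 record
over TCP or UDP.
"""
import json
import socket
from datetime import datetime, timezone

from flask import Flask, request

app = Flask(__name__)

SYSLOG_SERVER = 'x.x.x.x'  # Replace with your syslog server address
SYSLOG_PORT = 514  # Replace with your syslog server port
SYSLOG_TIMEOUT = 5  # Seconds before a connect/send to the syslog server is abandoned
FACILITY = 13  # Facility code for security audit log
SEVERITY = 2  # Severity level for critical messages
USE_TCP = True  # Set this flag to True for TCP, False for UDP


def get_host_ip():
    """Return the IP address this host resolves its own hostname to.

    Returns:
        The resolved address as a string, or the literal
        ``"Unable to get Host IP"`` when resolution fails. Resolution is
        best-effort because the value is only used as the syslog HOSTNAME
        field.
    """
    try:
        host_name = socket.gethostname()
        # NOTE(review): depending on the hosts file this may resolve to a
        # loopback address rather than the interface the syslog server sees.
        return socket.gethostbyname(host_name)
    except (OSError, UnicodeError) as e:  # gaierror/herror are OSError subclasses
        print(f"Error getting host IP: {e}")
        return "Unable to get Host IP"


def _clean(value):
    """Return *value* as a single-line string safe to embed in a syslog record.

    CR and LF are replaced with spaces so a payload field cannot terminate
    the record early or forge an additional record on the receiver.
    """
    return str(value).replace('\r', ' ').replace('\n', ' ')


def format_uef(payload, source_ip):
    """Flatten a webhook *payload* into a comma-separated UEF message.

    Args:
        payload: Decoded JSON body of the webhook (a dict). ``None`` or a
            non-dict is treated as an empty payload, so every field falls
            back to ``'Unknown'`` (or ``''`` for the comment).
        source_ip: Not used by the formatter; kept so the route handler can
            pass the same value it gives send_to_syslog().

    Returns:
        ``key=value,key=value,...`` with the fixed field order below. Values
        are not quoted or escaped, so a value containing ',' or '=' is
        ambiguous to a consumer that splits on those characters.
    """
    if not isinstance(payload, dict):
        payload = {}

    # Static fields as per UEF specification
    device_product = "Eyeglass Zero Trust"
    device_vendor = "Superna"
    device_version = "V1"  # Replace with the actual version if available
    device_event_class_id = "security"  # Replace or determine dynamically if possible
    version = "1.0"  # Literal string for version
    event_type = "threat_detection"  # Literal string for event_type

    # Extracting fields from the payload. The lists may be absent, empty or
    # malformed, so index them defensively instead of trusting [0].
    client_ips = payload.get('clientIPs')
    if isinstance(client_ips, list) and client_ips:
        client_ip = client_ips[0]
    else:
        client_ip = 'Unknown'

    actions = payload.get('actions')
    if not isinstance(actions, list):
        actions = []
    comments = [a.get('comment', '') for a in actions if isinstance(a, dict)]
    comment = ' | '.join(_clean(c) for c in comments)  # all comments, separated by ' | '
    first_action = actions[0] if actions and isinstance(actions[0], dict) else {}
    action = first_action.get('action', 'Unknown')

    # utcnow() is deprecated; a zone-aware now() renders the same 'Z' form.
    event_time = datetime.now(timezone.utc).strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z'

    fields = [
        ("device_product", device_product),
        ("device_vendor", device_vendor),
        ("device_version", device_version),
        ("device_event_class_id", device_event_class_id),
        ("version", version),
        ("event_type", event_type),
        ("protocol", payload.get('protocol', 'Unknown')),
        ("client_ip", client_ip),
        ("comment", comment),
        ("time", event_time),
        ("user", payload.get('userName', 'Unknown')),
        ("action", action),
        ("severity", payload.get('severity', 'Unknown')),
        ("state", payload.get('state', 'Unknown')),
    ]
    # Construct the UEF message as a comma-separated string
    return ",".join(f"{key}={_clean(val)}" for key, val in fields)


def send_to_syslog(uef_message, source_ip):
    """Wrap *uef_message* in an RFC 5424 header and send it to SYSLOG_SERVER.

    Args:
        uef_message: Message body as produced by format_uef().
        source_ip: Value for the syslog HOSTNAME field.

    Raises:
        OSError: when the connect or send fails or exceeds SYSLOG_TIMEOUT;
            the caller decides how to report it.
    """
    priority = FACILITY * 8 + SEVERITY
    # RFC 5424 TIMESTAMP must carry a timezone; utcnow().isoformat() had none.
    timestamp = datetime.now(timezone.utc).isoformat()
    syslog_header = f"<{priority}>1 {timestamp} eyeglass-vm Superna-Zero-Trust {source_ip} - - -"
    syslog_message = f"{syslog_header} {uef_message}"
    print(f"Syslog Message: {syslog_message}")  # Print the syslog message to console

    # Transport is cleartext TCP/UDP; syslog over TLS (RFC 5425) is not implemented here.
    if USE_TCP:
        # RFC 6587 non-transparent framing: TCP receivers split the stream on
        # LF, so terminate the record or consecutive messages run together.
        data = (syslog_message + "\n").encode('utf-8')
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(SYSLOG_TIMEOUT)  # never block the request handler indefinitely
            sock.connect((SYSLOG_SERVER, SYSLOG_PORT))
            sock.sendall(data)
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(SYSLOG_TIMEOUT)
            sock.sendto(syslog_message.encode('utf-8'), (SYSLOG_SERVER, SYSLOG_PORT))


@app.route('/webhook', methods=['POST'])
def webhook():
    """Receive one event, forward it to syslog and report the outcome.

    Returns:
        ``("Success", 200)`` when the record was sent; ``400`` when the body
        is not a JSON object; a generic ``500`` when forwarding fails. The
        exception text is logged server-side instead of being echoed to the
        caller, so internal hostnames and addresses are not disclosed.
    """
    payload = request.get_json(silent=True)  # None on missing/invalid JSON
    if not isinstance(payload, dict):
        return "Bad Request: expected a JSON object", 400
    try:
        source_ip = get_host_ip()  # Get the host IP
        uef_message = format_uef(payload, source_ip)
        send_to_syslog(uef_message, source_ip)  # Pass source_ip here as well
    except Exception:
        app.logger.exception("Failed to forward webhook event to syslog")
        return "Internal Server Error", 500
    return "Success", 200


if __name__ == '__main__':
    # debug=True on 0.0.0.0 would expose the interactive Werkzeug debugger
    # console to every network peer; enable it only on a local dev host.
    app.run(host='0.0.0.0', port=5000, debug=False)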